nodpay 0.2.35 → 0.2.37

package/bin/nodpay.mjs

@@ -2,6 +2,20 @@
 
 const command = process.argv[2];
 
+// Remote wallet routing: if config.json has remote_wallet and command is sign/wallets,
+// delegate to SafeClaw vault proxy (HTTP passthrough) instead of local execution.
+const REMOTE_COMMANDS = new Set(['sign', 'wallets']);
+if (command && REMOTE_COMMANDS.has(command)) {
+  const { loadConfig } = await import('../scripts/config.mjs');
+  const config = loadConfig();
+  if (config.remote_wallet) {
+    const { remoteSign, remoteWallets } = await import('../scripts/remote.mjs');
+    if (command === 'sign') await remoteSign(config.remote_wallet);
+    else if (command === 'wallets') await remoteWallets(config.remote_wallet);
+    process.exit(0);
+  }
+}
+
 if (command === 'propose') {
   // Forward all args after 'propose' to the propose script
   const scriptPath = new URL('../scripts/propose.mjs', import.meta.url).pathname;
@@ -23,6 +37,14 @@ if (command === 'propose') {
   const scriptPath = new URL('../scripts/gasprice.mjs', import.meta.url).pathname;
   process.argv = [process.argv[0], scriptPath, ...process.argv.slice(3)];
   await import(scriptPath);
+} else if (command === 'sign') {
+  const scriptPath = new URL('../scripts/sign.mjs', import.meta.url).pathname;
+  process.argv = [process.argv[0], scriptPath, ...process.argv.slice(3)];
+  await import(scriptPath);
+} else if (command === 'wallets') {
+  const scriptPath = new URL('../scripts/wallets.mjs', import.meta.url).pathname;
+  process.argv = [process.argv[0], scriptPath, ...process.argv.slice(3)];
+  await import(scriptPath);
 } else if (command === 'version' || command === '--version' || command === '-v') {
   const { readFileSync } = await import('fs');
   const pkg = JSON.parse(readFileSync(new URL('../package.json', import.meta.url), 'utf8'));
@@ -36,6 +58,8 @@ Commands:
   txs       List pending and completed transactions
   nonce     Query next nonce from on-chain EntryPoint
   gasprice  Get current gas price and estimated gas cost per chain
+  sign      Sign a hash with agent key (stdin JSON)
+  wallets   List all local wallets (JSON array)
 
 Examples:
   nodpay keygen
@@ -43,6 +67,12 @@ Examples:
   nodpay txs --safe 0x...
   nodpay nonce --safe 0x... --chain base
   nodpay gasprice --chain base
+  echo '{"hash":"0x..."}' | nodpay sign
+  nodpay wallets
+
+Remote wallet (SafeClaw):
+  Set ~/.nodpay/config.json: {"remote_wallet": "http://localhost:23295/nodpay"}
+  sign/wallets will delegate to SafeClaw vault proxy automatically.
 
 Docs: https://nodpay.ai/skill.md`);
   process.exit(command ? 1 : 0);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "nodpay",
-  "version": "0.2.35",
+  "version": "0.2.37",
   "description": "NodPay CLI — propose on-chain payments from agent-human shared wallets",
   "type": "module",
   "bin": {

package/scripts/config.mjs

@@ -0,0 +1,20 @@
+/**
+ * Load ~/.nodpay/config.json (optional).
+ *
+ * Returns parsed config or {} if file doesn't exist / is invalid.
+ */
+
+import { readFileSync, existsSync } from 'fs';
+import { join } from 'path';
+import { HOME } from './env.mjs';
+
+const CONFIG_PATH = join(HOME, '.nodpay', 'config.json');
+
+export function loadConfig(path = CONFIG_PATH) {
+  if (!existsSync(path)) return {};
+  try {
+    return JSON.parse(readFileSync(path, 'utf8'));
+  } catch {
+    return {};
+  }
+}

package/scripts/env.mjs

@@ -0,0 +1,59 @@
+/**
+ * Unified environment variable loader for NodPay CLI.
+ *
+ * Priority (highest wins):
+ *   1. process.env (real env — set by caller, SafeClaw injection, container, etc.)
+ *   2. ~/.nodpay/.env file (convenience layer for local dev)
+ *
+ * The .env file is loaded into process.env WITHOUT overriding existing values.
+ * This matches standard dotenv behavior and Unix conventions:
+ *   NODPAY_AGENT_KEY=0xabc npx nodpay propose  →  uses 0xabc, ignores file
+ *
+ * After loadDotEnv(), all code reads from process.env uniformly.
+ */
+
+import { readFileSync, existsSync } from 'fs';
+import { join } from 'path';
+
+const HOME = process.env.HOME || process.env.USERPROFILE || '/tmp';
+const DEFAULT_ENV_PATH = join(HOME, '.nodpay', '.env');
+
+/**
+ * Parse a .env file and load values into process.env.
+ * Does NOT override existing env vars (real env takes priority).
+ *
+ * @param {string} [envPath] - Path to .env file. Defaults to ~/.nodpay/.env
+ */
+export function loadDotEnv(envPath = DEFAULT_ENV_PATH) {
+  if (!existsSync(envPath)) return;
+  try {
+    const lines = readFileSync(envPath, 'utf8').split('\n');
+    for (const line of lines) {
+      const trimmed = line.trim();
+      if (!trimmed || trimmed.startsWith('#') || !trimmed.includes('=')) continue;
+      const eqIdx = trimmed.indexOf('=');
+      const name = trimmed.slice(0, eqIdx).trim();
+      const value = trimmed.slice(eqIdx + 1).trim().replace(/^["']|["']$/g, '');
+      // Only set if not already in process.env (real env wins)
+      if (!(name in process.env)) {
+        process.env[name] = value;
+      }
+    }
+  } catch {
+    // Non-fatal: .env file may not exist or be unreadable
+  }
+}
+
+/**
+ * Get an env var after .env has been loaded.
+ * Convenience wrapper — just reads process.env.
+ *
+ * @param {string} name - Environment variable name
+ * @param {string} [fallback] - Default value if not set
+ * @returns {string|undefined}
+ */
+export function env(name, fallback) {
+  return process.env[name] || fallback;
+}
+
+export { HOME, DEFAULT_ENV_PATH };

package/scripts/keygen.mjs

@@ -14,41 +14,32 @@
 import { Wallet } from 'ethers';
 import { readFileSync, writeFileSync, mkdirSync, existsSync, chmodSync } from 'fs';
 import { resolve, dirname, join } from 'path';
+import { loadDotEnv, env, HOME } from './env.mjs';
 
 const args = process.argv.slice(2);
 const envFileIdx = args.indexOf('--env-file');
-const HOME = process.env.HOME || process.env.USERPROFILE || '/tmp';
 const envFile = envFileIdx !== -1
   ? resolve(args[envFileIdx + 1])
   : join(HOME, '.nodpay', '.env');
 
 const ENV_VAR = 'NODPAY_AGENT_KEY';
 
-// Check if key already exists in the env file
-function findExistingKey() {
-  if (!existsSync(envFile)) return null;
-  const lines = readFileSync(envFile, 'utf8').split('\n');
-  for (const line of lines) {
-    const trimmed = line.trim();
-    if (trimmed.startsWith('#') || !trimmed.includes('=')) continue;
-    const [name, ...rest] = trimmed.split('=');
-    if (name.trim() === ENV_VAR) {
-      const value = rest.join('=').trim().replace(/^["']|["']$/g, '');
-      if (value) return value;
-    }
-  }
-  return null;
-}
+// Load .env file into process.env (real env takes priority)
+loadDotEnv(envFile);
 
-const existing = findExistingKey();
+// Check if key already exists (process.env — from real env or .env file)
+const existing = env(ENV_VAR);
 
 if (existing) {
   try {
     const wallet = new Wallet(existing);
     console.log(wallet.address);
-    console.error(`${ENV_VAR} already configured in ${envFile}`);
+    const source = process.env[ENV_VAR] === existing && !existsSync(envFile)
+      ? 'environment variable'
+      : envFile;
+    console.error(`${ENV_VAR} already configured (${source})`);
   } catch {
-    console.error(`${ENV_VAR} exists in ${envFile} but is invalid. Remove it and re-run.`);
+    console.error(`${ENV_VAR} is set but invalid. Check your env or ${envFile}.`);
     process.exit(1);
   }
 } else {

package/scripts/propose.mjs

@@ -6,7 +6,7 @@
  * The agent signs first (1 of 2). The serialized SafeOperation is
  * output so the web app can have the user co-sign and submit.
  *
- * Agent key: read from .nodpay/.env or via --remote-signer (SafeClaw proxy).
+ * Agent key: from process.env.NODPAY_AGENT_KEY (real env > ~/.nodpay/.env file > --remote-signer).
  * Chain config: resolved via --chain from @nodpay/core networks registry.
  * Bundler: NodPay public proxy (override with OP_STORE_URL for self-hosted).
  *
@@ -27,15 +27,22 @@
 
 import { Safe4337Pack } from '@safe-global/relay-kit';
 import { ethers } from 'ethers';
-import { readFileSync, writeFileSync, mkdirSync } from 'fs';
+import { readFileSync, writeFileSync, mkdirSync, existsSync } from 'fs';
 import { join, dirname } from 'path';
 import { fileURLToPath } from 'url';
 import { computeUserOpHash, ENTRYPOINT } from '@nodpay/core';
+import { loadDotEnv, env, HOME } from './env.mjs';
 
 const __dirname = dirname(fileURLToPath(import.meta.url));
 const PENDING_DIR = join(__dirname, '..', '.pending-txs');
 mkdirSync(PENDING_DIR, { recursive: true });
 
+// Load ~/.nodpay/.env into process.env (real env takes priority, file is fallback)
+const _envFileArg = process.argv.includes('--env-file')
+  ? process.argv[process.argv.indexOf('--env-file') + 1]
+  : undefined;
+loadDotEnv(_envFileArg);
+
 // Resolve chain config: --chain flag auto-resolves from networks.json, env vars as fallback
 import { createRequire } from 'module';
 const require = createRequire(import.meta.url);
@@ -64,26 +71,10 @@ if (chainArg) {
 }
 const ENTRYPOINT_ADDRESS = ENTRYPOINT;
 
-const HOME = process.env.HOME || process.env.USERPROFILE || '/tmp';
-
-// SECURITY: Read agent key from ~/.nodpay/.env file (chmod 600), not from
-// process.env or CLI args. The key is loaded at runtime by the script itself,
-// so it never passes through the LLM agent's context or conversation history.
-function loadAgentKey() {
-  try {
-    const envPath = join(HOME, '.nodpay', '.env');
-    const lines = readFileSync(envPath, 'utf8').split('\n');
-    for (const line of lines) {
-      const trimmed = line.trim();
-      if (trimmed.startsWith('#') || !trimmed.includes('=')) continue;
-      const [name, ...rest] = trimmed.split('=');
-      if (name.trim() === 'NODPAY_AGENT_KEY') {
-        return rest.join('=').trim().replace(/^["']|["']$/g, '');
-      }
-    }
-  } catch {}
-  return null;
-}
+// SECURITY: Agent key is read from process.env.NODPAY_AGENT_KEY.
+// The .env file was loaded above (loadDotEnv) without overriding real env vars.
+// Priority: real env (SafeClaw injection, container, explicit) > .env file.
+// The key never appears in stdout or agent conversation history.
 
 const DEFAULT_SAFE = null; // always use --safe flag
 
@@ -91,21 +82,7 @@ const DEFAULT_SAFE = null; // always use --safe flag
 // agents don't need their own bundler API key. This is a thin relay — it
 // forwards the UserOp to a bundler service and returns the result. The proxy
 // only sees the already-signed (partial) UserOp; it cannot modify or execute it.
-// Optional overrides (OP_STORE_URL, WEB_APP_URL) also read from ~/.nodpay/.env.
-function loadDotEnvVar(name, fallback) {
-  try {
-    const envPath = join(HOME, '.nodpay', '.env');
-    const lines = readFileSync(envPath, 'utf8').split('\n');
-    for (const line of lines) {
-      const trimmed = line.trim();
-      if (trimmed.startsWith('#') || !trimmed.includes('=')) continue;
-      const [k, ...rest] = trimmed.split('=');
-      if (k.trim() === name) return rest.join('=').trim().replace(/^["']|["']$/g, '');
-    }
-  } catch {}
-  return fallback;
-}
-const opStoreBase = loadDotEnvVar('OP_STORE_URL', 'https://nodpay.ai/api');
+const opStoreBase = env('OP_STORE_URL', 'https://nodpay.ai/api');
 const BUNDLER_URL = `${opStoreBase}/bundler/${CHAIN_ID}`;
 
 // --- Agent key: remote signer (SafeClaw proxy) or local key (~/.nodpay/.env) ---
@@ -143,10 +120,10 @@ if (_remoteSignerUrl) {
     return (await signRes.json()).signature;
   };
 } else {
-  // Local mode: read key from ~/.nodpay/.env (original behavior)
-  const NODPAY_AGENT_KEY = loadAgentKey();
+  // Local mode: read key from process.env (loaded from real env or ~/.nodpay/.env)
+  const NODPAY_AGENT_KEY = env('NODPAY_AGENT_KEY');
   if (!NODPAY_AGENT_KEY) {
-    console.error(JSON.stringify({ error: 'Missing NODPAY_AGENT_KEY in ~/.nodpay/.env — run npx nodpay keygen or use --remote-signer' }));
+    console.error(JSON.stringify({ error: 'Missing NODPAY_AGENT_KEY — set env var, add to ~/.nodpay/.env, or use --remote-signer' }));
     process.exit(1);
   }
   _localAgentKey = NODPAY_AGENT_KEY;
@@ -201,6 +178,18 @@ if (!ethers.isAddress(to)) {
 
 const SAFE_ADDRESS = safeOverride || DEFAULT_SAFE;
 
+// Read optional wallet JSON for rpId (SafeClaw cross-origin passkey support)
+let walletRpId = null;
+if (SAFE_ADDRESS) {
+  const walletJsonPath = join(HOME, '.nodpay', 'wallets', `${SAFE_ADDRESS}.json`);
+  if (existsSync(walletJsonPath)) {
+    try {
+      const walletData = JSON.parse(readFileSync(walletJsonPath, 'utf8'));
+      if (walletData.rpId) walletRpId = walletData.rpId;
+    } catch {}
+  }
+}
+
 if (!isCounterfactual && !SAFE_ADDRESS) {
   console.error(JSON.stringify({ error: 'Missing SAFE_ADDRESS. Use --safe <address> or set SAFE_ADDRESS env, or use --counterfactual.' }));
   process.exit(1);
@@ -588,12 +577,13 @@ try {
       result.opStoreError = storeData.error || `HTTP ${storeRes.status}`;
     }
     if (storeData.shortHash) {
-      const webBase = loadDotEnvVar('WEB_APP_URL', 'https://nodpay.ai/');
+      const webBase = env('WEB_APP_URL', 'https://nodpay.ai/');
       // Build approve URL with passkey params for SafeClaw users (no localStorage)
       const approveParams = new URLSearchParams({ safeOpHash: storeData.safeOpHash });
       if (passkeyX) approveParams.set('px', passkeyX);
       if (passkeyY) approveParams.set('py', passkeyY);
       if (recoverySigner) approveParams.set('recovery', recoverySigner);
+      if (walletRpId) approveParams.set('rpId', walletRpId);
       approveUrl = `${webBase}approve?${approveParams.toString()}`;
       result.approveUrl = approveUrl;
       result.opStoreSafeOpHash = storeData.safeOpHash;

package/scripts/remote.mjs

@@ -0,0 +1,58 @@
+/**
+ * Remote wallet proxy — delegates sign/wallets to SafeClaw vault proxy.
+ *
+ * Used when ~/.nodpay/config.json has "remote_wallet" set.
+ * Transparent: stdin/stdout/stderr/exitCode passthrough.
+ */
+
+/**
+ * POST {base}/sign — pipe stdin as body, stdout the response.
+ * @param {string} base - remote_wallet URL (e.g. http://localhost:23295/nodpay)
+ */
+export async function remoteSign(base) {
+  // Read stdin
+  const chunks = [];
+  for await (const chunk of process.stdin) chunks.push(chunk);
+  const body = Buffer.concat(chunks).toString('utf8').trim();
+
+  if (!body) {
+    console.error(JSON.stringify({ error: 'Empty stdin. Expected JSON: {"hash":"0x..."}' }));
+    process.exit(1);
+  }
+
+  try {
+    const res = await fetch(`${base.replace(/\/$/, '')}/sign`, {
+      method: 'POST',
+      headers: { 'Content-Type': 'application/json' },
+      body,
+    });
+    const text = await res.text();
+    if (!res.ok) {
+      console.error(text);
+      process.exit(1);
+    }
+    console.log(text);
+  } catch (e) {
+    console.error(JSON.stringify({ error: `Remote sign failed: ${e.message}` }));
+    process.exit(1);
+  }
+}
+
+/**
+ * GET {base}/wallets — stdout the response.
+ * @param {string} base - remote_wallet URL
+ */
+export async function remoteWallets(base) {
+  try {
+    const res = await fetch(`${base.replace(/\/$/, '')}/wallets`);
+    const text = await res.text();
+    if (!res.ok) {
+      console.error(text);
+      process.exit(1);
+    }
+    console.log(text);
+  } catch (e) {
+    console.error(JSON.stringify({ error: `Remote wallets failed: ${e.message}` }));
+    process.exit(1);
+  }
+}

package/scripts/sign.mjs

@@ -0,0 +1,51 @@
+#!/usr/bin/env node
+/**
+ * Sign a hash with the agent's private key.
+ *
+ * Reads JSON from stdin: {"hash": "0x..."}
+ * Outputs JSON to stdout: {"signature": "0x..."}
+ *
+ * Key source: process.env.NODPAY_AGENT_KEY (real env > ~/.nodpay/.env file)
+ *
+ * Usage:
+ *   echo '{"hash":"0xabc..."}' | npx nodpay sign
+ */
+
+import { ethers } from 'ethers';
+import { loadDotEnv, env } from './env.mjs';
+
+// Load .env file (real env takes priority)
+loadDotEnv();
+
+const NODPAY_AGENT_KEY = env('NODPAY_AGENT_KEY');
+if (!NODPAY_AGENT_KEY) {
+  console.error(JSON.stringify({ error: 'Missing NODPAY_AGENT_KEY — set env var or add to ~/.nodpay/.env' }));
+  process.exit(1);
+}
+
+// Read stdin
+const chunks = [];
+for await (const chunk of process.stdin) chunks.push(chunk);
+const input = Buffer.concat(chunks).toString('utf8').trim();
+
+if (!input) {
+  console.error(JSON.stringify({ error: 'Empty stdin. Expected JSON: {"hash":"0x..."}' }));
+  process.exit(1);
+}
+
+try {
+  const { hash } = JSON.parse(input);
+  if (!hash || !hash.startsWith('0x')) {
+    console.error(JSON.stringify({ error: 'Invalid input. Expected {"hash":"0x..."}' }));
+    process.exit(1);
+  }
+
+  const wallet = new ethers.Wallet(NODPAY_AGENT_KEY);
+  const sig = wallet.signingKey.sign(hash);
+  const signature = ethers.Signature.from(sig).serialized;
+
+  console.log(JSON.stringify({ signature }));
+} catch (e) {
+  console.error(JSON.stringify({ error: e.message || String(e) }));
+  process.exit(1);
+}

package/scripts/wallets.mjs

@@ -0,0 +1,38 @@
+#!/usr/bin/env node
+/**
+ * List all local NodPay wallets.
+ *
+ * Reads ~/.nodpay/wallets/*.json and outputs a JSON array to stdout.
+ *
+ * Usage:
+ *   npx nodpay wallets
+ *   npx nodpay wallets --json   (same, explicit)
+ */
+
+import { readdirSync, readFileSync, existsSync } from 'fs';
+import { join } from 'path';
+import { HOME } from './env.mjs';
+
+const WALLETS_DIR = join(HOME, '.nodpay', 'wallets');
+
+if (!existsSync(WALLETS_DIR)) {
+  console.log(JSON.stringify([]));
+  process.exit(0);
+}
+
+try {
+  const files = readdirSync(WALLETS_DIR).filter(f => f.endsWith('.json'));
+  const wallets = [];
+  for (const file of files) {
+    try {
+      const data = JSON.parse(readFileSync(join(WALLETS_DIR, file), 'utf8'));
+      wallets.push(data);
+    } catch {
+      // Skip invalid JSON files
+    }
+  }
+  console.log(JSON.stringify(wallets, null, 2));
+} catch (e) {
+  console.error(JSON.stringify({ error: e.message || String(e) }));
+  process.exit(1);
+}